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Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 
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3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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4) ^ Claim(s) 1-12 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 
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6) |EI Claim(s) 1-12 is/are rejected. 
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10) ^ The drawing(s) filed on 12 March 2004 is/are: a)^ accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
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DETAILED ACTION 

1. Claims 1-12 are pending. 

Information Disclosure Statement 

2. Applicant indicated that an updated IDS including dates for NPL references was 
included along with the response to office action. Examiner was unable to locate the 
updated IDS. Examiner respectfully requests the IDS be resubmitted. 

Response to Arguments 

3. Applicant's arguments with respect to claims 1-12 have been considered but are 
not persuasive. 

4. Applicant argues on page 9 that the combination of Kahn and Ho fail to teach a 
system "configured to change between users on a common authentication level by 
changing the documentation user object... wherein the documentation user objects 
identify the users at the level of the application program." Examiner respectfully 
disagrees. Kahn teaches a system configured to change between users on a common 
authentication level by changing the documentation user object... wherein the 
documentation user objects identify the users at the level of the application program 
(Kahn, Figure 2, column 17 lines 1-10). Contrary to Applicant's assertions, Kahn does 
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not teach the login procedure at the operating system level. Applicant has not cited any 
portion of Kahn that suggests that the operating system provides the login procedure. 
Instead, Kahn discloses the use of applications to process requests which include 
authorization modules (Kahn, column 16 line 62 - column 17 line 10, software 
applications). These authorization modules are not operating system based, but are 
instead provided by software modules or software applications (Kahn, column 10 lines 
18-28). Thus, Kahn discloses documentation user objects identifying users at the level 
of the application program and teaches changing between users on a common 
authentication level by changing the documentation user objects (Kahn, Figure 2, 
column 17 lines 1-10, column 10 lines 18-18). 



Claim Rejections - 35 USC § 103 



The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

1 . Claims 1-2, 4-8, and 10-12 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kahn US Patent No. 7,185,192 in view of Ho US Patent No. 
6,148342. 

2. With regards to claims 1, 5, 7, 11, Kahn teaches an electronic data processing 



facility adapted to run an operating system for configuring the data processing facility 
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and an application program for editing data comprising (Kahn, column 12 line 48 - 
column 13 line 15) a data store for storing the data (Kahn, Figure 1 Item 350-3, column 
19 lines 49-55, managed resource database), and a user object memory for storing user 
objects for authenticating and documenting access to the data (Kahn, column 18 lines 
15-35, users accounts and user/groups/role identities, Figure 1 Items 350-1 and 350-2), 
and for storing an authentication user object which is assignable a data access right at 
the level of the operating system (Kahn, column 18 lines 35-45, identity of a role is 
determined) and which is assignable to a plurality of documentation user objects for 
authenticating the data access right to the documentation user objects (Kahn, column 
19 lines 49-63, identity and role is combined with access type and resource identifier to 
make an access request which is authenticated), the electronic data processing facility 
is configured to change between users on a common authentication level by changing 
the documentation user object, the users on the common authentication level having a 
common authentication user object (Kahn, column 17 lines 29-55, common 
authentication level of a group/role used to authorize, not individual users), and the 
documentation user objects identifying users at the level of the application program 
(Kahn, Figure 2, column 17 lines 1-10). Kahn discloses a log and audit database but 
fails to disclose the specific functionality of a documentation memory for storing 
documentation data for documenting access to the data and the user object memory 
being further for storing documentation user objects storable in the documentation 
memory at the level of the application program for the purpose of documenting access 
to the data. However, Ho teaches a documentation memory for storing documentation 
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data for documenting access to the data and the user object memory being further for 
storing documentation user objects storable in the documentation memory at the level 
of the application program for the purpose of documenting access to the data (Ho, 
column 5 lines 21-43, log), and the documentation user objects being separate from the 
authentication user objects (Ho, column 5 lines 21-43). At the time the invention was 
made, it would have been obvious to a person of ordinary skill in the art to utilize Ho's 
method of logging because it offers the advantage of improving security by allowing an 
auditor to determine if there are data access irregularities which would suggest an 
intruder attempted to or succeeded in accessing data (Ho, column 5 lines 21-43, log). 

3. With regards to claims 2, 8, Kahn as modified teaches a security check is 
performed (Kahn, column 18 lines 20-25, login process and authentication) to identify a 
user prior to accessing the data (Kahn, column 18 lines 20-30, validates information 
from user, column 18 lines 36-40, identity is determined before request) and wherein a 
documentation user object and an authentication user object are assignable to a user 
on the basis of a result of the security check (Kahn, column 18 lines 25-35, user 
identifier and role are assigned). 

4. With regards to claims 4, 10, Kahn as modified teaches the user object 
memory is connected to the data processing facility via a connection suitable for data 
communication (Kahn, Figure 1, column 12 lines 50-55). 

5. With regards to claims 6 and 12, Kahn as modified teaches a storage medium 
on which information is stored adapted to interact with an electronic data processing 
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facility in order to carry out the method of claim 5 (Kahn, Figure 1 , column 1 9 lines 33- 
55, resource server, managed resources database). 



6. Claims 3 and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Kahn US Patent No. 7,185,192 and Ho US Patent No. 6,148342, as applied to 
claims 1 and 5 above, and in further view of Wood et al US Patent No. 6,892,307. 

7. With regards to claim 3 and 9, Kahn as modified fails to specifically teach at 
least one of a device for checking biometric data, a device for checking at least one of a 
mechanical and electronic key and a device for checking a chip card to perform the 
security check. However, Wood teaches at least one of a device for checking biometric 
data, a device for checking at least one of a mechanical and electronic key and a device 
for checking a chip card to perform the security check (Wood, column 4 lines 38-50, 
evidence including retina, fingerprint, voiceprint, smart card, and keys). At the time the 
invention was made, it would have been obvious to a person of ordinary skill in the art to 
utilize Wood's method of authentication because it provides the advantage of multiple 
forms of authentication evidence thus allowing for multiple levels of trust to be 
established for a user based upon which authentication mechanisms are used (Wood, 
column 2 lines 29-44). 



Conclusion 
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Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to ANDREW L. NALVEN whose telephone number is 
(571)272-3839. The examiner can normally be reached on Monday - Thursday 8-6, 
Alternate Fridays. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571 272 381 1 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/Andrew L Nalven/ 

Primary Examiner, Art Unit 2134 



